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DETAILED ACTION 

RESPONSE TO ARGUMENTS 

Applicant's amendments and arguments submitted on 1 1/19/09 are fully considered and 
arguments are moot in view of new ground of rejection. 

CLAIMS PRESENTED 

Claims 1-6, 8-16, 18, 20-26 are presented. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

1. Claims 1-6, 9-16, 20-25 rejected under 35 U.S.C. 103(a) as being 

unpatentable over Reinert, US Patent No. 6347375, and Arnold, US Patent 

No. 6279128 and in view of Le t al. USPN 7356679 B1. 

As per claim 1, 12, 20: 

Reinert teaches: 

A method, comprising: 

initializing a virus scanner during a pre-boot phase of a computer system; 
[see col. 7, lines 46-59] 

scrubbing data read from an input/output (I/O) device of the computer system during the pre-boot 
phase by the virus scanner using a virus signature database before the data is loaded, wherein 
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the virus signature database is stored in a place not exposed to the operating system and is 

updated during the pre-boot phase; and 

[see col. 8, lines 20-45, wherein the virus signature file is downloaded and stored in the 
computers local memory, away from the hard disk and not exposed to the operating 
system]] 

enacting a platform policy if a virus is detected in the data. 
[see col. 8, lines 46-60] 

Reinert has been discussed above. Reinert is mute in teaching "determining whether to perform 
a memory scrub based on a platform policy". For this limitation, examiner relies upon the Arnold 
reference. Arnold teaches an autonomous system for recognition of patterns formed by stored 
data during computer memory scrubbing (see col. 3, lines 65-67, and col. 4, lines 1-21). It would 
have been obvious to one of ordinary skill in the art to modify the invention taught by Reinert to 
implement the memory scrubbing techniques taught by Arnold so that it would be possible to 
uncover inactive computer virus signatures in a memory subsystem. Doing so during the pre- 
boot phase, as suggested by the Reinert invention would allow the scrubbing to be done 
passively and autonomously and transparently as desired by Arnold, (see col. 3, lines 54-62) 

The combination fails to teach "wherein the virus scanner is executing in a 
virtual machine monitor (VMM) executing on the computer system, the VMM 
supporting at least one virtual machine (VM) executing on the computer system, 
wherein the VM executes an operating system that is different from the VMM and 
the operating systems executed by other VMs and the VMM acts as an 
input/output (I/O) controller for requests to selected I/O ports". 

However Le et al. teaches wherein the virus scanner is executing in a 
virtual machine monitor (VMM) executing on the computer system (see figs 8, 
col. 68 lines 32-35, col. 86 lines 31-36 and col. 58 lines 59-62; program 
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executed on Virtual Machine Monitor 6300 ... virus scanner program on 
VMM 6300), the VMM supporting at least one virtual machine (VM) executing on 
the computer system (see fig. 8; VM1 and VM2), wherein the VM executes an 
operating system that is different from the VMM (see col. 68 lines 32-54 and fig. 
8; the VMs execute different operating systems from the monitor and/or 
controller VMM 6300) and the operating systems executed by other VMs and 
the VMM acts as an input/output (I/O) controller for requests to selected I/O ports 
(see col. 58 lines 56-65, col. 67 lines 52-64 and col. 87 lines 29-41; user 
selected I/O port requests controlled by other VMs and VMM application(s)) 
and VM supported by the VMM (see fig. 8). 

Therefore it would have been obvious to one having ordinary skill in the art 
at the time of the invention was made to modify Reinert to execute virus scanner 
on a VMM. 

As per claim 2, Reinert teaches: 

The method of claim 1 , further comprising scrubbing contents of a memory 
device of the computer system during the pre-boot phase by the virus scanner. 
[see col. 8, lines 24-32] 

As per claim 3, 13, Reinert teaches: 

The method of claim 1 , further comprising updating the virus signature database 
with updated virus signatures. 
[see col. 8, lines 33-35]] 
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As per claim 4, Reinert teaches: 

The method of claim 3 wherein the virus signature database is updated during 
the pre-boot phase. 

[see col. 7, lines 60-67 and col. 8, lines 1-19, wherein control of the computer is 
transferred to the remote computer prior to loading of the operating system and the 
remote computer keeps the virus signature file up to date] 

As per claim 5, 14, Reinert teaches: 

The method of claim 1 wherein the virus signature database is not exposed to an 
operating system executing on the computer system. 

[see rejection of claim 1] 

As per claim 6, 22, Reinert teaches: 

The method of claim 5 wherein the virus signature database is stored in a 
firmware-reserved area. 

[see rejection of claim 1, wherein the virus signature file is stored in the local memory] 
As per claim 9, 15, 24, Reinert teaches: 

The method of claim 1 wherein the virus scanner is operable during the pre-boot 
phase, an operating system (OS) runtime phase, and an after-life phase of the 
computer system independent of an operating system of the computer system. 
[see col. 7, lines 27-45] 
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As per claim 10, 16, 25, Reinert teaches: 

The method of claim 1 wherein the virus scanner scrubs the data without having 
knowledge of a file system of the data. 

[see col. 8, lines 30-35] 
As per claim 11, Reinert teaches: 

The method of claim 1 , further comprising enacting the platform policy if the virus 
scanner detects non-normal behavior within the computer system. 

As per claims 17-18, the combination teaches the method wherein scrubbing 
data read from the I/O device includes: receiving a request from a requester to 
read data from the I/O device, the requester in a VM of the at least one VM (Le 
et al. fig. 8, col. 58 lines 56-65, col. 67 lines 52-64 and col. 87 lines 29-41); 
loading at least a portion of the requested data into a buffer (Le et al. col. 58 
lines 56-65, col. 67 lines 52-64 and col. 87 lines 29-41 and Reinert col. 8 
lines 20-45); scrubbing the at least a portion of the requested data with the virus 
scanner (Reinert col. 8 lines 20-45 and 46-60); returning an error signal to the 
requester if the virus scanner detects a virus in the at least a portion of the 
requested data; and forwarding the requested data to the requester if the virus 
scanner does not detect a virus in the at least a portion of the requested data 
(Reinert col. 7 lines 4-20 and Le et al. fig. 8). The rational for combining are the 
same as claim 1 abive. 



As per claim 21, Reinert teaches: 
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The computer system of claim 20, further comprising a network interface operatively coupled to 
the processor, the virus scanner to scrub data read from the network interface using the virus 
signature database before the data is loaded in the memory device. 
[see col. 8, lines 61-67] 



As per claim 23, Reinert teaches: 

The system of claim 20 wherein execution of the firmware instructions further 
perform operations comprising updating the virus signature database with 
updated virus signatures downloaded from an external virus signature repository 
communicatively coupled to the computer system. 

[see col. 8, lines 20-25] 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
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the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any response to this Office Action should be faxed to (571 ) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner 
can normally be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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